If you are among the millions planning to log in to Amazon on Tuesday and Wednesday for Prime Day, you are not alone. Cybercriminals are also looking to spoil your fun.
The online sale attracts more than its fair share of scammers — and with a range of new cons on the market, shoppers need to be alert.
Marijus Briedis, a cybersecurity expert at NordVPN, has a rundown of the most popular Amazon scams to be aware of.
Keyboard worrier or typosquatting scams
When the Prime event opens its doors just after midnight on Tuesday morning, well-prepared hackers will be looking to profit from any slip-up from enthusiastic shoppers — including typos.
As one of the world’s most popular websites, Amazon has been a key target for a scam called typosquatting, where cyber crooks register domain names that are a slight variation of the company’s URL. The criminals will also imitate the main Amazon website, often adding malware to the links to try to steal the credentials of any unwary visitors.
How to avoid: As well as saving popular sites like Amazon to your online bookmarks, searching for Amazon with a search engine should filter out the spoofed sites and ensure the genuine site is the top hit, even if you misspelt it.
Remote control cold-calling scam
Amazon’s sales event is exclusive to shoppers who’ve signed up for a Prime subscription, and this has led to them being targeted by a new cold-calling fraud scam. It involves a subscriber being called by a scammer posing as an Amazon employee informing them their current Prime deal is about to expire or there have been security issues with their account.
In either case, the remedy offered is the same — the customer is instructed to install a piece of remote access software so the caller can then get onto the customer’s account to “solve the issue”.
Once downloaded, the hacker has complete access to the account and can wreak havoc, stealing personal information and leaving a trail of malware to do further damage.
How to avoid: If an initial phone call doesn’t ring alarm bells, a company asking for you to download remote software is a definite red flag. Amazon would never ask their customers to do this or make a payment outside their platform so you can safely hang up on any caller asking on their behalf.
If you have installed remote access software, quickly disconnect your computer to minimize the damage and then delete the software installation file, which should be at the top of your recent downloads folder, and the application itself.
Brush strike or brushing scams
They say you should never look a gift horse in the mouth, but you should certainly question any unexpected gifts that come to you from Amazon.
If you haven’t ordered them, it’s not your birthday, and no secret admirer is waiting in the wings, you may have been the victim of “brushing”.
This marketing scam occurs when you are sent unsolicited — and usually cheap-to-ship — items through the post.
The aim is for this to be logged as a genuine transaction enabling the vendor responsible to boost their sales figures and, critically, write a glowing review of the gift to boost their status on Amazon’s marketplace.
How to avoid: If you’ve received a mystery package like this it means that the scammer has at least your name and address so it’s worth changing your account’s password and setting up two-factor authentication. File a complaint with Amazon online as they may be able to take action against the vendor.
Textual stealing or smishing scams
Fake delivery scams flourish in peak shopping times like Christmas — and in the last few years they have also increased around Prime Day. Regular Amazon consumers will be used to receiving notifications about their orders from the retailer so it is easy for a hacker to set the bait for a convincing hoax.
These will come in the shape of a text message, which may carry the Amazon logo, a short message and a fake link. Once clicked this could deliver malware or simply alert the scammer so they can follow up with further messages to try to extract money or information from you.
How to avoid: While extremely credible at first glance, many of these SMS or “smishing” scams can be easily identified if you know where to look. Scan the message for any grammar or spelling mistakes and check where the message came from. Amazon texts usually come from a short code of no more than seven digits, so treat any from standard cell numbers as suspicious. Links that route to a non-Amazon site are another telltale sign of a fraud attempt.
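The sender and link checks described above, together with the lookalike-domain idea from the typosquatting section, can be automated. The following Python sketch is an added example, not part of the original article; it assumes amazon.com is the only genuine domain, and the function names, the edit-distance threshold and the sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

GENUINE = "amazon.com"  # assumption: the only domain treated as genuine here

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return 'genuine', 'lookalike' or 'other' for a link's hostname."""
    host = host.lower().rstrip(".")
    if host == GENUINE or host.endswith("." + GENUINE):
        return "genuine"
    # Typosquats sit a character or two away from the real name
    # (threshold of 2 is an assumption).
    candidate = ".".join(host.split(".")[-2:])
    if edit_distance(candidate, GENUINE) <= 2:
        return "lookalike"
    # Brand name embedded in someone else's domain, e.g. amazon.com.example.net
    if "amazon" in host:
        return "lookalike"
    return "other"

def check_sms(sender, body):
    """Apply the article's two checks: short-code sender and link destination."""
    findings = []
    if not (sender.isdigit() and len(sender) <= 7):
        findings.append("sender is not a short code")
    for url in re.findall(r"https?://\S+", body):
        host = urlsplit(url).hostname or ""
        verdict = classify_host(host)
        if verdict != "genuine":
            findings.append(f"{verdict} link host: {host}")
    return findings

if __name__ == "__main__":
    # Constructed sample messages, not real traffic.
    print(check_sms("2626", "Your order shipped: https://www.amazon.com/orders"))
    print(check_sms("+15555550123",
                    "Amazon: delivery failed, confirm at https://amaz0n.com/track"))
```

A message that passes both checks is not proven genuine; the checks only surface the two telltale signs the article names.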
Pressing their lock: ‘Your account has been locked’
One of the common ways online scammers can lure their victims is, ironically, by playing on their cybersecurity fears.
A well-known example is a phishing attempt where an Amazon account holder will be sent an email telling them that, as a precaution against fraud, their account has been locked. The message will typically ask the recipient to enter their login details (directly or via an attached link) to verify their account. It may even claim that there has been an illegal attempt to access it and that, only by confirming your password, can you regain control.
How to avoid: As with the delivery scam, this fraud trades on Amazon’s well-known status and — in the run-up to Prime Day — the eagerness of some shoppers to make sure nothing stands in their way of securing a deal. If you receive a message claiming to be from the company, do not click on any links. Only log into your account by visiting Amazon directly through your web browser — if there are genuine security issues, there will be a message for you under your profile.